<?php

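// Credentials as submitted by the login form. A plain page view carries no
// POST body, so absent fields become NULL instead of raising an undefined-index
// notice. Only plain strings are accepted: an array-shaped form field is
// treated as absent so it can never reach the SQL or comparison code below.
$given_username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : NULL;
$given_password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : NULL;

// Path of this script, intended for the login form's action attribute.
// PHP_SELF includes any trailing path info supplied by the client, so it has
// to be HTML-escaped wherever it is written into markup.
$self   = $_SERVER['PHP_SELF'];

// Message printed above the form by render_form(); empty until a login fails.
$err_string = "";

// NOTE(review): not referenced in the visible part of this script, and the
// post-login redirect targets "list_view.php" rather than this name - confirm
// which file name is the real one.
$viewer = "listView.php";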

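// connect_to_db() comes from db_login.php; without that file nothing below can
// work, so fail immediately rather than continue after a missing include.
require_once("db_login.php");
$cnx = connect_to_db();
if (!$cnx) {
	// Keep the driver's error text in the server log only. Sent to the browser
	// it would disclose connection details to anyone who can reach this page.
	error_log("Couldn't connect to database: " . mysql_error());
	die("Couldn't connect to database.");
}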


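// Process a submitted login; when no username was posted, just show the form.
if ($given_username != NULL) {

	$entry = false;          // row for the requested account, if any
	$credentials_ok = false; // set only after an explicit, successful match

	// Both fields must be plain strings. A non-string value, an unknown user or
	// a NULL stored password must fail the login; a loose strcmp() != 0 test
	// does not guarantee that.
	if (is_string($given_username) && is_string($given_password)) {

		// The legacy mysql_* API has no bound parameters, so the username is
		// escaped for the active connection and quoted as a SQL string literal
		// instead of being interpolated raw into the statement.
		$safe_username = mysql_real_escape_string($given_username);
		if ($safe_username !== false) {
			$query_res = mysql_query("SELECT user_id,firstname,password FROM user WHERE username = '$safe_username'");
			if ($query_res) {
				$entry = mysql_fetch_array($query_res, MYSQL_ASSOC);
			}
		}

		if (is_array($entry) && is_string($entry["password"])) {
			// NOTE(review): the stored value is compared directly with the
			// submitted password, i.e. passwords are kept in clear text.
			// Migrate the column to password_hash() / password_verify().
			$the_password = $entry["password"];
			if (function_exists('hash_equals')) {
				// Constant-time comparison where the runtime offers it.
				$credentials_ok = hash_equals($the_password, $given_password);
			}
			else {
				$credentials_ok = ($given_password === $the_password);
			}
		}
	}

	if (!$credentials_ok) {
		// Same message for an unknown user and a wrong password, so the reply
		// does not reveal which usernames exist.
		$err_string = "<font color=\"red\"><b>Error:</b> Invalid password. "
 					  . "Please try again</font><br /><br />";

		render_header();
		render_start();
		render_form();
		render_end();

	}
	else {
		// The user supplied the correct password.
		session_start();

		// Issue a fresh session id at the moment of login so an id that was
		// known before authentication cannot be used afterwards.
		session_regenerate_id(true);

		$_SESSION["uid"]  = $entry["user_id"];
		$_SESSION["name"] = $entry["firstname"];
		$_SESSION["auth"] = true;
		$_SESSION["username"] = $given_username;

		// Redirect and stop, so nothing else is emitted after the header.
		header("Location: list_view.php");
		exit();

	}

}

else {
	render_header();
	render_start();
	render_form();
	render_end();
}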


/**
 * Emit the opening <html> tag and the complete <head> section of the login
 * page (charset declaration, stylesheet link and title).
 */
function render_header() {
	// One entry per output line; the separator restores the original layout.
	$head_lines = array(
		'<html xmlns="http://www.w3.org/1999/xhtml">',
		'<head>',
		'<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />',
		'<link href="moddweb.css" rel="stylesheet" type="text/css">',
		'<title>MoDD Log In</title>',
		'</head>',
	);
	echo implode("\n\t\t", $head_lines);
}

/**
 * Open the <body> and the "nice_box" container, then print the logo, the
 * welcome heading and the log-in prompt. The container is left open here.
 */
function render_start() {
	// One entry per output line; the trailing empty entry reproduces the
	// line break and indentation that follow the prompt paragraph.
	$intro_lines = array(
		'<body>',
		'<div class="nice_box">',
		'<img src="Modd.png" ALIGN="left" HSPACE="40px" >',
		'<h2> Welcome to MoDD </h2>',
		'<p> Please log in below using your username and password </p>',
		'',
	);
	echo implode("\n\t\t", $intro_lines);
}

/**
 * Close the document: emits the closing body and html tags.
 */
function render_end() {
	$closing_tags = '</body></html>';
	echo $closing_tags;
}

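/**
 * Print the pending error message (if any) followed by the log-in form, and
 * close the container <div> opened by render_start().
 *
 * Reads the globals $err_string (markup prepared by this script) and $self
 * (the script path used as the form target).
 */
function render_form() {

	// $self has to be imported explicitly; without this the function sees an
	// undefined local and the action attribute is silently left empty.
	global $err_string, $self;
	echo $err_string;

	// Deliberately a free-text username field rather than a drop-down of all
	// accounts: a list would disclose every registered user to anonymous
	// visitors of the login page.

	// $self is derived from the request path, so escape it for the attribute
	// context. The charset matches the one declared in render_header().
	$form_target = htmlspecialchars((string) $self, ENT_QUOTES, 'ISO-8859-1');

	echo ('<form action="' . $form_target . '" method="POST">');
	echo ('<table><tr><td>
		<label>Username: </label>
		</td><td>
		<input type="text" name="username" size="20">
		</td>
		</tr>');

	echo ('<tr><td>');
	echo ("<label>Password: </label></td>");
	// The password row was never closed before the submit row was opened.
	echo ("<td><input type=\"password\" name=\"password\" size=\"20\" /> </td></tr>");

	echo ("<tr><td><input type=\"submit\" value=\"Log In\" /></td></tr></table>
		  </form>
		  ");
	echo ('</div>');
}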

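// render_end() already emits the closing body and html tags. The closing PHP
// tag and the markup that followed it are dropped so those tags are not sent a
// second time and no stray output trails the script.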

